RISK MANAGEMENT OF INTERNET BANKING IN KOREA, INDONESIA, AND NEW ZEALAND

Management of Financial Institutions, Prof. Young-jin Kim

RISK MANAGEMENT OF INTERNET BANKING

IN KOREA, INDONESIA, AND NEW ZEALAND

2011-11214 YEONHA KIM

2014-81791 SUJIN KIM

2014-81824 MEGA PUSPITA PERTIWI

i

INDEX

I. INTERNET BANKING

A. The Increasing Importance of Internet banking

B. The Function of Internet banking

1. Internet Banking’s function in Korea

2. Internet Banking’s function in Indonesia

3. Internet Banking’s function in New Zealand

C. New Issues

D. Internet banking Risks

1. Transactional Risks

2. Compliance Risks

3. Reputation Risks

4. Information Security Risks

II. RISK MANAGEMENT

A. Korea

B. Indonesia

C. New Zealand

III. CONCLUSION

BIBLIOGRAPHY

1

I. INTERNET BANKING

A. The Increasing Importance of Internet banking

Internet banking is one way to perform banking transactions and has simplified the

transaction process, increasing both accessibility and availability for the customer. Internet

banking is the use of internet, as a remote delivery channel for a wide range of banking

services including opening a deposit account, electronic bill presentation and payment,

transferring funds among different accounts, and so on (Kim, 2003).

Internet banking has significant role in cost reduction and efficiency in banking firms. It cut

the cost of activities that need physical assistance that usually demand higher fees. It is also

the source of productivity gain as employees doesn’t need to interact more with other

employees and disturb each other work over a transaction problem because they can solve it

using their personal computer. Any delayed transaction or fraud also can be detected easily

and quickly using internet banking. In this dynamic world where everything is connected and

borderless caused by internet, internet banking is a convenience thing for customer. However,

internet banking also has several drawbacks and risks that have to be well managed by

banking firms.

B. The Function of Internet banking

Broadly, the level of banking services offered through the internet can be categorized into

three groups based on accessibility. First, ‘Information-only systems’ or Level I system, are

general purpose information such as interest rates, branch location, bank products and their

features that can be found on the bank’s website (Internet Banking, 2008). Also, the

communication and queries are made through email. Such kind of function is static and does

not involve any backend database. At this stage, there is no interaction between the customer

and bank’s application system, or identification of the customer.

Next, ‘electronic information transfer systems’ or Level II systems are interactive in that they

provide the ability to transmit sensitive messages, files, or documents between the bank and

users (Internet Banking, 2008). These include customer-specific information like account

balances, transaction details, and statement of accounts, all fetched from the bank’s

application systems which are not directly accessible through the internet.

2

The third level of internet banking functions is called ‘fully-transactional systems’ and it

facilitates electronic funds transfer and other financial transactions, allowing the customers to

operate their accounts, ie ‘bi-directional’ capabilities (Internet Banking, 2008). This system

comprises technology covering computerization, networking and security, inter-bank

payment gateway and legal infrastructure and therefore requires high degree of security and

control.

This is an overview of the internet banking functionality-three categories for electronic

capabilities. The relevant services in three different countries-Korea, Indonesia, New

Zealand- have been compared in accordance with each level of functionality.

1. Internet Banking’s function in Korea

Internet banking in Korea is very well-developed. According to the Bank of Korea, 57.29

million online accounts (of 49 million population; multiple accounts are also counted) as of

September 2009, and 29.03 million transactions are recorded on average per day, with 30.17

trillion Won (Kim et al, 2011, p.1). Here, KB(Kookmin Bank) will be used as a benchmark of

Korean Internet Banking; following information can be found in KB Banking Website KB

star, https://www.kbstar.com/#.

a. Level 1 Systems

General information is well provided in almost all bank websites in Korea. KB website has

several information sections to communicate their services apart from transactions to

customers. KB provides information regarding products regarding Foreign Exchanges,

Annuities, Real estate, and there are several customer-based

variations including Rock-Star(for young adults) and Gold

& Wise(premium customer services). The website also

provides general information of bank including Investor

Relations information, Corporate Social Responsibilities

and Customer Services Centre. All of the services are also

presented in English, Chinese and Japanese.

What is noteworthy level 1 system of KB is that it has a

3

specialized website dedicated to providing general financial information and journals as well

as product information. It is called “KB Information Arena”(https://otalk.kbstar.com), and

provides e-Book services and its own Magazine article services.

b. Level 2 Systems

KB “transfers information” of accounts via internet banking.

There are three major sections in the KB accounts; Individual,

Corporate, and Golden Life Banking (for Senior citizens with

retirement purposes). Each section, once logged-in, enables

customers to check what kinds of accounts or products they

purchased and to be updated on their recent transactions

amount and remaining value of each account. This

information transference is available for Deposits, Funds, Loans, Insurance policies and

Trusts for all three sections.

c. Level 3 Systems

First, KB provides financial transferring services for customers, within and outside the Bank.

This process generally requires a hardcopy of “Security Card(보안카드)” with several

security codes printed on it. Customers need to enter a selected few numbers printed on the

card in order to finish the transfer; and sign the transaction with “Public Key

Infrastructure(공인인증서)”. This Public Key Certificate will be, on the latter parts of the

essay, the focal point of the Security risks in Korean Banking System. KB also provides

customers to further transfer public utilities charge via website. It requires KB accounts.

2. Internet Banking’s function in Indonesia

a. Level 1 System

Indonesia has 120 banks consist of 4 state owned banks and 116 private banks. Three (Bank

Mandiri, Bank Rakyat Indonesia, Bank Nasional Indonesia) out of four state owned bank are

in top 5th

largest bank in Indonesia with 33% market share. In term of internet banking, they

serve the customers with complete and convenience websites providing general information

needed. The complete and convenience website also provided by almost other banks. The

4

general information banks provide in their websites are product and service information,

foreign exchange, corporate governance, contact, investor relation, consumer banking, career,

news update about the bank, and many others. The service is provided only in two languages,

Indonesia and English.

Bank Mandiri, the largest bank in Indonesia, provides very complete features in its website

(http://www.bankmandiri.co.id/english/index.aspx). It provides explanation about the features

such as internet and mobile banking, ATM, and Mandiry Call; the consumer banking such as

Mandiri debit, prepaid, creditcard, loans, priority service, and payroll package; microfinance;

commercial banking’s information related to cash loan, cash management, trade finance and

services, etc. The customer is differentiated by two categories: personal and business. The

website also provides the news about banking firm, events and promotion, and also safety

guidance to inform customers about security issues.

b. Level 2 System

The customers of Bank Mandiri can access saving account (Mandiri Saving, Mandiri

Business Saving, Mandiri Dollar, Mandiri Planned Saving), Individual Giro (rupiah and other

foreign currencies), Deposit (rupiah and other foreign currencies), Credit Card and Individual

Loan Account only with one ID and password. Once they logged in, they can check their

balance, transfer money, pay bills, top up the mobile phone, plan for time deposits, change

PIN, managed transfer list history and plans, and change their personal settings.

c. Level 3 System

In using internet banking, customer doesn’t need to install any application. But, every

financial transaction should be accompanied with additional securing device named Token

(an additional securing device for financial transaction on Mandiri e-banking to enable

customer to conduct transaction by yielding always-change PIN (dynamic PIN) every time

the customer conducts financial transactions).

Every transaction will yield reference number to be used if a question emerges or a problem

occurs related to the transaction. If no activities exist for 10 minutes, system will

automatically log out customer’s access to prevent unauthorized misuse (bankmandiri.com).

Bank Mandiri use Security SSL 3.0 with 128-bit encryption system for their internet banking.

3. Internet Banking’s function in New Zealand

5

In New Zealand, there are five major banks; ANZ National, ASB, Bank of New Zealand,

Kiwibank, and Westpac all of which facilitate internet banking. According to data released by

Statistics New Zealand in 2013 (Canstar, 2013), approximately 2.05 million New Zealanders

use internet banking, up from 1.74 million in 2009. As demand for internet banking increases

in New Zealand, the banks attempt to differentiate their products and services in various ways.

a. Level 1 System

All of the NZ major banks’ websites display reports, banking products (deposits, loans,

insurance, mortgage, etc) along with their features and provide online tools to calculate

budgets, rates, fees, foreign exchange rates. Despite slight differences in the layout and

categories, all the banks have categorized the information into 3 main groups-Personal,

Business and Rural. ANZ has another section-Institutional where information on relationship

management and economics and market research is well displayed. Not only the online

display but also direct contact with customers contributes to delivering information in the

form of queries and replies. Canstar (2013) reported that ASB ranked as the best provider of

internet banking in New Zealand in 2013. The ASB website scored well for excellent online

help, chat and phone back up, and the ‘virtual branch’ allows Facebook users to chat in real

time with dedicated banking specialists, where they can make product enquiries, obtain

general advice on products, set up automatic payments and direct debits. These features

indicate that ASB has had a good focus on the communication with customers to deliver

general information more efficiently. The other banks also have an email system on their

website to interact with customers for the ‘information-only’ purpose.

b. Level 2 System

The electronic information transfer systems allow customers to see their account balances,

and transactions (checks written, purchases, transfers, etc) and to download transaction

information. The information at this stage is largely of the ‘read-only’ format. ASB’s internet

banking, FastNet Classic enables customers to view their account balances and transactions.

In specific, there is a FastNet Classic service called ‘Track My Spending’ which shows

customers where they spend their money. With this service, the customers can assign

categories to each of their transactions (e.g. Food and Groceries, Vehicle and Transport) and

see how it all adds up (Canstar, 2013). The other banks like BNZ and Kiwibank provide

similar services, YouMoney and Heaps! respectively. Identification and authentication of the

6

customer is through password. By logging into their account, customers are able to make

access to their accounts 24/7.

c. Level 3 System

At ‘fully-transactional’ level, customers are directly engaged in the performance of banking

transactions. According to CANSTAR’s research, the functionality of internet banking that

customers value most includes product applications, banking services, reporting, self-service,

communication and security, the majority of them being ‘level III system’ functions. Product

applications can be submitted by customers online. Through internet banking, the ASB

customers may open a new account (insurance, sharetrading, deposits, term deposits), apply

for loans, enroll for Kiwisaver scheme (NZ’s national pension), request an ASB PayTag (a

sticker that customers can put on their mobile phone to allow you to make contactless

payment), and open a new credit/debit card. At this level, internet banking users can not only

view their accounts but also interact with the data by rearranging, categorizing and tagging on

as well as store all the data, images, and reports for future references. For instance, the ASB

customers are able to categorize their spending while BNZ’s YouMoney enables customers to

personalize their accounts and payees with relevant images and set savings goals which can

be tracked at a glance by progressive bars (Canstar, 2013). The internet banking users can

make various payments, and transfer funds. The ASB internet banking users are able to make

one-off payments, pay bills and taxes, set up or cancel automatic payments, transfer money

between accounts, and order foreign exchange or transfer money overseas. Apart from these,

ASB facilitates the ‘online vault’ where customers can store their important information in

one place (ASB, n.d). To compare, the other major banks in New Zealand enable similar

functions through their websites and these functions are highly likely to be offered in other

countries as well. One caveat for New Zealand is that it is a multinational country where

people from all over the world move in to live. Therefore, most of New Zealand’s

commercial banks provide online migrant banking packages which enable users to open a

bank account before they arrive in New Zealand, make home loans, vehicle finance, online

international money transfer, and so on. Lastly, internet banking users should be able to

update their personal details without visiting a local branch. As this level of systems involves

bi-directional transactions from both customers and banks, online security is a major concern.

C. New Issues

7

Along with the increasing number of internet banking users, the significance of e-banking

risks is also highlighted. The major risk can be defined as information technology risks and

the magnitude of IT risks depend on the size of banks as small banks tend to purchase tested

technology or outsource, while large banks are likely to develop technology by themselves.

Due to unprecedented speed of technological change in the last decade, almost every industry

field has been encouraged to adopt technology and make technology investments which

indeed contributed to the firm’s increased capability to provide consistently high-quality

products and services, as outlined by the functions of internet banking.

However, technology investments lead to several financial risks such as credit risk, interest

rate risk, and liquidity risk (Richards, n.d.). Credit risk is the risk to earnings or capital from a

customer's failure to meet his financial obligations. Internet banking enables customers to

apply for credit from anywhere in the world. Banks will find it difficult to verify the identity

of the customer, if they intend to offer instant credit through the internet and the probability

of default could increase. Interest rate risk is caused by movements in interest rates. Internet

banking can attract loans and deposits from a larger pool of customers. Also, considering that

it is easy to compare rates across banks, pressure on interest rates is higher, accentuating the

need to react quickly to changing interest rates in the market. Liquidity risk is the risk from a

bank's inability to meet its obligations. Internet banking may increase deposit and asset

volatility, especially from customers who maintain accounts solely because they are getting a

better rate. These customers tend to pull out of the relationship if they get a slightly better rate

elsewhere. Due to the fact that all the financial risks are interrelated, careful control of each

risk factor is highly required. (Ramakrishnan, 2001)

In terms of operational risks, security is the most alarming issue. Security risks expose the

banking firm to malicious hacker or insider attacks, viruses, denial-of-service attacks, data

theft, data destruction and fraud. The speed of change of technology and the fact that the

internet channel is accessible universally makes this risk especially critical. Therefore, the

need for banks to assess and manage security risks is becoming even more crucial.

D. Internet banking Risks

1. Transactional Risks

Transactional risk refers to the “recent and potential peril to income and investment coming

up from hoax, blunder, disregard and the incapability to sustain anticipated service intensity”

8

(Osunmuyiwa, 2013, p.52). Income and investment risks, in other words, refers to the

business risks. Business risks are likely to increase with internet banking products; intricate

internal controls and interfaces are needed as well as regular accesses, which may increase

the possibilities of blunder. Non-refutation of transactions and the ability to guarantee data

are also needed (Osunmuyiwa, 2013, p.52).

Moreover, as internet banking has detailed system, there are possibilities for errors in system

links and procedures also (Osunmuyiwa, 2013, p.52).

2. Compliance Risks

Compliance risk refers to the “recent and potential peril to income and investment arising due

to the inability to conform to, or infringements of, decrees, guidelines and moral values”

(Osunmuyiwa, 2013, p.52). Compliance risk is correlated with banks’ reputation as well as

financial fatalities. Ruined reputation will result in lower status in comparison with

competitors and reduced business opportunities (Osunmuyiwa, 2013, p.52). As banks have to

consciously regard their operating countries’ laws and regulations, if banks’ customers are

located in more than one country, this risk increases. As for Internet banking, there are

several new regulations and laws pertaining the area; financial institutions need to address

this risk.

Keeping customer information confidentiality is the key of compliance risks; they have to ask

for customer permission before complying to the various regulations, or tax practices, by

providing information. Customers appear to be “highly apprehensive” to their financial data

confidentiality (Gunajit and Pranav, 2010).

3. Reputation Risks

Reputation risk is the “risk to income and investment caused by unenthusiastic public view”

(Osunmuyiwa, 2013, p.52). Defective internet banking transactions can undermine banks’

reputation; “restricted accessibility and reduced reaction” are examples of defective internet

banking (Osunmuyiwa, 2013, p.52). Customers are also indifferent to banks’ perils; they are

demanding, regardless of actual risks banks face with Internet banking.

4. Information Security Risks

Information security risk is “risk to income and investment arising due to negligent data

safekeeping procedures, consequently revealing the organization to scam, information

obliteration, virus, information thieves, vicious hacker, insider attacks and Denial-Of-Service

9

(DOS) attacks” (Osunmuyiwa, 2013, p.52). As internet is an open system, anyone can reach

the online channel of banking system, thus heightening the peril. Online frauds, in turn, result

in increased complaints filed by the banks.

II. RISK MANAGEMENT

Risk management is a process of identifying, analyzing, evaluating, and monitoring risks to

mitigate or prevent loss. The process of risk management consists of five key steps; identify

risks, evaluate the weight of risks (frequency and severity), develop and select the method to

manage risk, implement the method, and monitor the risk management method implemented.

Risk management in banking firms follows the same process and principle in general risk

management. In banking firms risk management consist of board management oversight,

security control, and legal and reputation risk management.

A. Korea

The most noteworthy risk that has arisen from internet banking in Korea would be

Information Security Risks and Reputation Risks. However, it is neither because of open

nature of Internet, nor the lack of conscious efforts against possible informational breaches. It

is a government regulation which reinforces closed security system for internet banking.

1. Regulations and Security Risks

The Korean government has enforced “Public Key Infrastructure”(PKI) by “Digital Signature

Act”, which “guarantee the interoperability of digital signature and encryption algorithms for

all electronic transactions processed in Korea” in 1999 (Kim et al, 2011, p.1). These

encryptions are normally provided by the banks as “external plug-ins”. These plugins are all

based on the dominant browser of the time, Internet Explorer (IE), and in turn lock the

customers in for the browser.

As for PKI, it is a digital certificate issued by the government Certificate Authority stored in

the user’s hard disk or portable USB storages. The general transaction process runs as follows:

1) customer log-in with ID and PW 2) selected digits from an indexed Transactional

Authentication Number(iTAN) from security card are entered 3) PKI requires a private key to

sign the transactions. “A secure authenticated channel, SAC, is established” and this process

10

requires the aforementioned external plug-ins (Kim et al, 2011, p.3). The plug-ins also

include security updates to continuously retain safe user platform. As communication channel,

the Internet, is frequently affected, banks provide updated plug-ins for their customers to

download whenever there is a new threat, a new malware. Anti-virus program, personal

firewall, keystroke encryption plug-ins are some of the most common examples of such

services (Kim et al, 2011, p.4).

(If customers first enter the Website for Internet banking, they encounter the security program

installing page as above: Woori Bank, accessed at 12th

Dec. 2014)

However, these intricate, detailed designs turned out to be not so effective. Kim et al.(2011)

states five possible causes for the ineffective security systems in Korea: 1) private keys can

be easily hacked by malwares when the security is “only as good as their password”, 2) user

interface is weak and does not provide trustworthy keypad, 3) external plug-ins are not

invincible, 4) while browsers like Chrome are providing additional security features, Korean

users are tied to IE, 5) Koreans do not use wide-used protocols and therefore have little

security proofs (pp.5-7).

In October 2014, an alteration of the Electronic Transactions Law has been passed. This law

abolishes the “mandatory use” of PKI; banks will have to come up with other security

measures to replace PKI. In doing so, they have remarkable chance to manage security risks;

if some of them come up with even better solution to the PKI problems stated above, they

will pre-empt the competitive advantage in the realm of Information Security risks. Financial

Institutions ought to make alliance with IT innovators to further take advantage of this

regulation change.

11

2. Reputation Risks

PKI-based system of Korean Internet banking system has been very complicated. According

to Kim et al.(2011)’s research, 70% of Korean Internet banking customers have answered

that they would choose other countries’ internet banking services over Korea’s mainly

because it’s simpler. 30% that preferred Korean system did say that Korean service feels

more secure (p.8). However, it is problematic for internet banking reputation. Furthermore,

considering that external plug-ins have to be reinstalled for each bank’s online transactions, it

can be inferred that customers will likely use only a couple of internet banking system if at all.

Now that PKI regulation has been removed, banks will have to go through severe competition

in order to solicit customers with new transaction systems. Reputations, as well as IT

innovations stated in the previous security risk management analysis, will play a huge role in

this solicitation competition.

Kim et al.(2011)’s research also reveals that younger, better-educated customers have used

foreign banking services. About 50% of them use browsers like Firefox and Chrome for

general web-browsing activities apart from internet banking; they turn out to be tech-savvy. It

is also revealed in the research that these young respondents are security sensitive too; most

of them have own anti-virus software and firewall. These customers, however, says that

external plug-ins are too extensive and should be optional (68.7%), and have experienced

installation failures (83.7%) (p.9). It is clear from the research that young customers have

experienced foreign online services, and have better impression on them rather than on

Korean online systems.

Reputation risks come from defective online transactions, which include limited

accessibilities. Traditional Korean internet banking has had restricted customer accessibilities

using too many external plug-ins and binding them to IE browser. With the new regulation

coming, banks will have to attract younger, tech-savvy customers with simpler, open system

and better online reputations.

B. Indonesia

Despite of its convenience access in bank website and do financial transaction, the internet

banking user is Indonesia is still low compare to the huge population. In 2012, the internet

banking user was 6 million, only 3% of 250 million populations. And it was 9% of total 63

million internet users (Indonesia Internet Service Provider Association). The government and bank

in Indonesia keep trying to increase the number of internet banking users. Since 2013, the

12

internet banking transaction has shifted the credit card and ATM transaction that was the

biggest transaction (Sharing vision, 2014). But, Indonesia still struggle in dealing with IT

system risk.

IT system risk in Indonesia is a really big issue. Indonesia is primarily a target for less

sophisticated cybercrimes in which the attackers prey on the lack of awareness among people

to seek financial gain. Indonesia ranked tenth in Symantec's global list as the country

accounted for 2.4% of the world's cybercrimes in 2011 (Canning, 2013). There are lot cases

of theft through internet banking and credit card use in Indonesia. In the middle of 2012, the

central bank, Bank Indonesia received 1,009 reports of payment fraud in electronic banking

involving credit card and internet banking with total loss $254,000. This is because the

system failed to identify and validate the customers. Up until the end of 2013, operational

risk due to lack of talent and IT system risk remained the biggest challenge in banking firms

(PWC, 2013).

To manage this risk, many banking firms are investing on IT system that provides more

securities. The central bank also orders all banking firms to use standardize system ruled in

Peraturan Bank Indonesia (Bank Indonesia Law) and Surat Edaran Bank Indonesia (Bank

Indonesia Circular Letter). Bank Indonesia also order banking firms to always improve the

risk management and good corporate governance.

C. New Zealand

Banking in New Zealand has undergone a substantial transformation in the last 20 years,

followed by an increased focus on risk management. Technology innovations, especially

through electronic banking system have contributed to more sophisticated risk management,

but they also imply that the failure or malfunction of technology may be a greater source of

potential risks including compliance and reputation risks (Reserve Bank of New Zealand,

2004).

In New Zealand, one way to control compliance risks on internet banking is self discipline

through a good corporate finance. This measure has improved the overall risk management in

bank, but self discipline is likely to be less effective as problems within a bank start to arise,

which implies the need for regulatory intervention. The Reserve Bank of New Zealand, NZ’s

central bank is the one who monitors all the other banks throughout the nation. According to

13

part 5 of the “Reserve Bank of New Zealand Act 1989”, the Reserve Bank is entitled to

supervise banks for the purposes of “promoting the maintenance of a sound and efficient

financial system and avoiding significant damage to the financial system that could result

from the failure of a registered bank” (Reserve Bank of New Zealand, 2004). The Reserve

Bank of New Zealand plays an important role as a delegated monitor, ensuring that the banks

abide by all the related regulations such as Privacy Act and the compliance risks with respect

to internet banking are being controlled as much as possible.

The reputation of banking firms is of the main factors attracting foreign and domestic

investors, and will ultimately influence the prices and quantities at which New Zealand can

access foreign and domestic savings. Considering the small size of NZ economy, the

willingness of foreign investors to provide funds into the domestic capital market is crucial.

Therefore, it gives the banks a stronger incentive to minimize their reputational risks. Those

risks are highly correlated with the level of banking firm’s protection for user privacy and

online security measures. In order to ensure the customer’s personal information and

transactions are well protected, the ANZ bank takes a variety of security measures: challenge

questions (three questions that customers set up with their own answers which help the bank

verify their identity), ANZ shield (a free security app for Android and iPhone which allows

customers to generate a one-time passcode known as a Shield Code to authenticate certain

ANZ Internet Banking payments and activities), SNS notifications, fraud detection system,

encryption (prevents unauthorized users from being able to change or read the customer’s

data), automatic time-outs, and ANZ internet banking guarantee (unauthorized transaction

claims of up to $10,000 will be reimbursed within five business days of receiving the

customer’s completed documentation) (ANZ, n.d.). In addition, ANZ has a contract with two

security software providers offering ANZ customers a 90 day free trial of premium security

software. After the trial, there is an option to purchase this software at a discounted rate

which is likely to add another layer of security control for internet banking services (ANZ,

n.d.). BNZ also uses encryption, automatic time-outs and fraud detection system (firewall) as

its main strategy to ensure online security and ultimately, to control reputational risks.

III. CONCLUSION

The last decade has seen dramatic technological development which led to much more

convenient, simplified ways of providing banking services through the internet. The internet

14

banking system has enabled bank customers to perform all sorts of transactions online and the

number of internet banking users around the globe is increasing every year. At the same time,

it implies the need for the banking firm’s enhanced, systematic risk management with respect

to internet banking as well as a greater source of potential risks caused by technological

investments. The comparison among each internet banking system in Korea, Indonesia, and

New Zealand indicate that banks in all the three countries particularly focus on managing

compliance risks and reputation risks by their own security measures and strict adherence to

regulations. It is notable that in Korea, some changes have been made to the Act which was

first enacted 1999 and this change in the regulation may work out as new opportunities for

risk management. To sum up, banking firms have devised various measures to minimize the

internet banking risks but there lies a limit in this ‘self-discipline’ even through a good

corporate finance. Therefore, a certain degree of regulatory intervention is highly required for

more enhanced risk management.

15

Bibliography

Acevedo, L. (n.d.). The Importance of E-banking in Business. Retrieved December 12, 2014,

from http://smallbusiness.chron.com/importance-ebanking-business-26188.html

Andreasson, K. (2013, January 1). Meeting The Cyber Security Challenge In Indonesia - An

Analysis Of Threats And Responses

ANZ Bank. (n.d.). How we protect you. Retrieved from http://www.anz.com/personal/ways-

bank/security/online-security/protect-you/

ASB Bank. (n.d.). Features at a glance. Retrieved from

https://www.asb.co.nz/Personal/Banking-with-ASB/Internet-banking/Features-at-a-glance

Canstar. (May 2013). New Zealand Online Banking. Auckalnd: Author.

Harrington, S., & Niehaus, G. (2004). Risk management and insurance (2nd ed., Vol. 1).

Boston: Irwin/McGraw-Hill.

Heidi Richards. (n.d.). Information Technology Risks. USA: Federal Reserve Board.

Indonesia Still Struggling With Electronic Fraud: BI - The Jakarta Globe. (2012, July 6).

Retrieved December 12, 2014, from http://thejakartaglobe.beritasatu.com/archive/indonesia-

still-struggling-with-electronic-fraud-bi/

Indonesian Banking Survey 2013. (2013, January 1). Retrieved December 12, 2014, from

http://www.pwc.com/id/en/publications/assets/pwc-indonesia-banking-survey-2013.pdf

Internet Banking (E-banking). (2008). Retrieved from http://www.worldjute.com/ebank.html

Kim, H. et al. (2011). On the Security of Internet Banking in South Korea – a lesson in how

not to regulate security. University of Oxford.

Kim, H., & Park, C. (2003). The Impact of Internet Banking on the Performance of the

Korean Banking Industry: An Empirical Analysis. Retrieved December 12, 2014, from

http://www.kdi.re.kr/upload/7036/VI_KimHyeonWook.pdf

Mandiri Internet FAQ. (n.d.). Retrieved December 12, 2014, from

http://bankmandiri.co.id/english/article/faq-ib.aspx

NCB Interpol Indonesia - Peranan Bank Indonesia Dalam Pencegahan Kejahatan Penipuan

Internet di Perbankan. (2013, January 2). Retrieved December 12, 2014, from

http://www.interpol.go.id/en/transnational-crime/cyber-crime/90-peranan-bank-indonesia-

dalam-pencegahan-kejahatan-penipuan-internet-di-perbankan

Nilai Transaksi Internet Banking Lebih Besar dari ATM dan Kartu Kredit. (2014, July 6).

Retrieved December 14, 2014, from http://sharingvision.com/2014/07/nilai-transaksi-

internet-banking-lebih-besar-dari-atm-dan-kartu-kredit/

Osunmuyiwa, O. (2013). Online Banking and the Risks Involved. Research Journal of

Information Technology 5: 50-54.

Ramakrishnan, G. (2001). Risk Management for Internet Banking.

16

Retrieved from http://www.isaca.org/JOURNAL/PAST-ISSUES/2001/VOLUME-

6/Pages/Risk-Management-for-Internet-Banking.aspx

Reserve Bank of New Zealand. (2004). Review of the regulation and performance of New

Zealand's major financial institutions. Retrieved from

https://www.rbnz .govt.nz/regulation_and_supervision/banks/relationships

The top five banks in Indonesia. (2013, December 5). Retrieved December 12, 2014, from

http://www.thebanker.com/Banker-Data/Bank-Trends/The-top-five-banks-in-Indonesia